
Author Archives: Graham
On type safety and making it harder to write buggy code
Objective-C’s duck typing system is both a blessing and a curse. A blessing, in that it’s amazingly flexible. A curse, in that such flexibility can lead to some awkward problems. Something that typically happens in dealing with data from a … Continue reading
Posted in code-level, iPad, iPhone, Mac
5 Comments
Careful how you define your properties
Spot the vulnerability in this Objective-C class interface:
@interface SomeParser : NSObject {
@private
    NSString *content;
}
@property (nonatomic, retain) NSString *content;
- (void)beginParsing;
//…
@end
Any idea? Let’s have a look at a use of this class in action: … Continue reading
Posted in iPad, iPhone, Mac, Vulnerability
2 Comments
Why OS X (almost) doesn’t need root any more
Note: this post was originally written for the Mac Developer Network. In the beginning, there was the super-user. And the super-user was root. When it comes to doling out responsibility for privileged work in an operating system, there are two … Continue reading
Posted in Authorization, Mac, PCAS
Comments Off on Why OS X (almost) doesn’t need root any more
On improved tool support for Cocoa developers
I started writing some tweets, that were clearly taking up too much room. They started like this: My own thoughts: tool support is very important to good software engineering. 3.3.1 is not a big inhibitor to novel tools. /cc @rentzsch … Continue reading
Posted in PCAS, threatmodel, tool-support
1 Comment
On localisation and security
Hot on the heels of Uli’s post on the problems of translation, I present another problem you might encounter while localising your code. This is a genuine bug (now fixed, of course) in code I have worked on in the … Continue reading
Posted in buffer-overflow, l10n, Mac, Vulnerability
2 Comments
Which vendor “is least secure”?
The people over at Intego have a blog post, Which big vendor is least secure? They discuss that because Microsoft have upped their game, malware authors have started to target other products, notably those produced by Adobe and Apple. That … Continue reading
Posted in Business, Responsibility, threatmodel, Vulnerability
2 Comments
Why passwords aren’t always the right answer.
I realised something yesterday. I don’t know my master password. Users of Mac OS X can use FileVault, a data protection feature that replaces the user’s home folder with an encrypted disk image. Encrypted disk images are protected by AES-128 … Continue reading
Posted in Encryption, Keychain, Mac, password
3 Comments
Regaining your identity
In my last post, losing your identity, I pointed out an annoying problem with the Sparkle update framework, in that if you lose your private key you can no longer post any updates. Using code signing identities would offer a … Continue reading
Posted in Codesign, Crypto, PCAS, Updates
Leave a comment
Losing your identity
Developers make use of cryptographic signatures in multiple places in the software lifecycle. No iPad or iPhone application may be distributed without having been signed by the developer. Mac developers who sign their applications get to annoy their customers much … Continue reading
Security flaw liability
The Register recently ran an opinion piece called Don’t blame Willy the Mailboy for software security flaws. The article is a reaction to the following excerpt from a SANS sample application security procurement contract: No Malicious Code Developer warrants that … Continue reading
Posted in Malware, Policy, Responsibility, Vulnerability
Comments Off on Security flaw liability